I am new to m0n0wall and am having difficulty in allowing traffic to pass through the firewall. I have a fairly basic setup, described below:

LAN - 192.168.1.0/24
  m0n0wall 1.2b7 - 192.168.1.1
  Linux PC 1 - 192.168.1.199 (DHCP)

WAN - 64.187.160.0/24
  m0n0wall 1.2b7 - 64.187.160.13
  Linux PC 2 - 64.187.160.254
  Checkpoint FW - 64.187.160.3 (Routes to Internet)

LAN RULE BASE:
Proto  Source   Port  Destination  Port      Description
*      LAN Net  *     *            *         Default LAN -> any

WAN RULE BASE:
Proto  Source   Port  Destination  Port      Description
ICMP   *        *     *            *         Allow ICMP
TCP    *        *     LAN Net      22 (SSH)  Allow SSH to Internal Network

The Checkpoint FW is configured to allow full access to/from 64.187.160.13.

From the Linux PC 1 (LAN) I am able to browse web pages on the Internet, FTP files, Ping, etc. From the Internet, I can Ping the m0n0wall firewall address (64.187.160.13). When I try to open an SSH session, it fails. Here is the log output:

14:33:50.671514 sis0 @0:15 b 192.168.1.199,22 -> 64.187.160.149,1209 PR tcp len 20 60 -AS IN
14:33:46.439259 sis0 @0:15 b 192.168.1.199,22 -> 64.187.160.149,1209 PR tcp len 20 60 -AS IN
14:33:46.438894 sis0 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S OUT
14:33:46.438793 sis1 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S IN
14:33:43.444433 sis0 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 40 -R K-S OUT
14:33:43.444334 sis1 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 40 -R K-S IN
14:33:43.443641 sis1 @200:2 p 64.187.160.13,51194 -> 64.187.160.149,1209 PR tcp len 20 60 -AS K-S OUT
14:33:43.443492 sis0 @200:2 p 192.168.1.199,22 -> 64.187.160.149,1209 PR tcp len 20 60 -AS K-S IN
14:33:43.442717 sis0 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S OUT
14:33:43.442608 sis1 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S IN

As you can see, the three-way handshake is not completing. Steps 1 and 2 complete, but after the originating station (Linux PC 2) receives the SYN/ACK packet, it sends a RST packet. Without the m0n0wall in between, SSH works fine. Any help would be appreciated. Thanks.
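Added example, not from the post or from m0n0wall: a small Python parser for the ipfilter-style log lines quoted above that follows the client's SYN across the two interfaces and reports when the SYN/ACK leaving the WAN interface carries a different source address and port than the one the SYN was sent to, which is what the trace shows (64.187.160.13,51194 in place of 192.168.1.199,22) and which the client answers with a RST. The field layout of the log line and the comparison logic are assumptions taken from the quoted lines, not m0n0wall's own tooling.

```python
import re

# Constructed sample: the ipfilter-style lines quoted in the post above, reordered oldest first.
LOG = """\
14:33:43.442608 sis1 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S IN
14:33:43.442717 sis0 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 60 -S K-S OUT
14:33:43.443492 sis0 @200:2 p 192.168.1.199,22 -> 64.187.160.149,1209 PR tcp len 20 60 -AS K-S IN
14:33:43.443641 sis1 @200:2 p 64.187.160.13,51194 -> 64.187.160.149,1209 PR tcp len 20 60 -AS K-S OUT
14:33:43.444334 sis1 @200:2 p 64.187.160.149,1209 -> 192.168.1.199,22 PR tcp len 20 40 -R K-S IN
14:33:46.439259 sis0 @0:15 b 192.168.1.199,22 -> 64.187.160.149,1209 PR tcp len 20 60 -AS IN
"""

# Assumed layout: time iface @rule action src,sport -> dst,dport PR proto len hl total -FLAGS [K-S] DIR
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) @(?P<rule>\S+) (?P<act>[pb]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+ -(?P<flags>[A-Z]+)(?: K-S)? (?P<dir>IN|OUT)$"
)

def parse(text):
    """Return one dict per line that matches the log layout above; other lines are skipped."""
    return [m.groupdict() for m in (LINE.match(l.strip()) for l in text.splitlines()) if m]

def check_handshake(recs):
    """For each SYN entering an interface, find the SYN/ACK that leaves the same interface
    toward the client and compare its source with the address/port the SYN was sent to.
    Returns one finding per mismatch (an empty list means the client saw a consistent 4-tuple)."""
    findings = []
    for syn in (r for r in recs if r["flags"] == "S" and r["dir"] == "IN"):
        client = (syn["src"], syn["sport"])
        target = (syn["dst"], syn["dport"])
        for rep in recs:
            if (rep["flags"] == "AS" and rep["dir"] == "OUT" and rep["iface"] == syn["iface"]
                    and (rep["dst"], rep["dport"]) == client):
                reply_src = (rep["src"], rep["sport"])
                if reply_src == target:
                    continue
                # the client only knows `target`; a SYN/ACK from any other tuple is answered with RST
                rst = any(r["flags"] == "R" and r["dir"] == "IN" and (r["src"], r["sport"]) == client
                          for r in recs)
                findings.append(
                    "SYN %s:%s -> %s:%s on %s, but SYN/ACK left %s from %s:%s (source translated)%s"
                    % (*client, *target, syn["iface"], rep["iface"], *reply_src,
                       "; client replied with RST" if rst else ""))
    return findings

if __name__ == "__main__":
    for f in check_handshake(parse(LOG)):
        print(f)
```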